crypto and public policy

Reframing the Debate: Privacy is Good Security!

Filed under: Policy May 17, 2004 @ 4:59 pm

Late last week, I led a food-for-thought dinner at the Berkman Center’s ILaw Conference. My topic was privacy, and the participants were fantastic. The discussion led me to conclude one important thing: we’re not framing the privacy debate correctly.

I’m a strong privacy advocate: I lean towards the European point of view where all personal data is owned by the person it describes. An individual should have the right to discover, amend, or remove data maintained about them by corporations and government (with some exceptions for certain classes of law enforcement records). I see this as a basic human right, a requirement for any truly free society.

But if you disagree, then you might be tempted to do away with privacy, à la Scott McNealy (“You have No Privacy. Get Over It.”). People have legitimate concerns about the business overhead caused by the privacy-as-a-basic-human-right approach. Just ask European companies how much they spend on privacy law compliance: it’s significant. So, if the claim is that privacy is good for freedom, do we have proof of this?

One dinner participant, Professor of Law Margaret Stock from West Point Military Academy, made a very convincing argument in that direction: good security requires privacy. Why? Because maintaining large lists of private citizen information is actually an enormous security weakness. If we maintain such lists, they are bound to become compromised at some point (nobody’s perfect: consider the cases of FBI and CIA double agents like Hanssen and Ames, who had inside access). If a terrorist organization got their hands on a mostly complete list of US soldiers’ social security numbers, it could launch a sophisticated Denial of Service Attack on the military: run up every soldier’s credit and cause tremendous stress on their families while they’re on the battlefield. If a terrorist organization got their hands on the profile characteristics used in tracking terror threats, they could devise a means of getting around the flagging mechanisms.

This policy debate is often framed as privacy vs. security. But what if it’s not a compromise? What if doing away with privacy actually turns out to be a security weakness, not a strength? This is a debate worth reframing. It’s not so much that privacy is a basic human right, it’s that privacy might well be a vital security asset.
